Lifeboat Foundation

The number of vulnerability disclosures impacting extended internet of things (XIoT) devices increased by 57% in the first half of 2022 compared to the previous six months, according to a new report by Team82, the research team of cyber-physical systems (CPS) security firm Claroty.

The research also found that vendor self-disclosures increased by 69%. This would be a first for the industry, which usually relies more for disclosures on independent research teams. According to Team82, the trend indicates that more operational technology (OT), IoT, and internet of medical things (IoMT) vendors are establishing vulnerability disclosure programs and dedicating more resources to them.

Additionally, fully or partially remediated firmware vulnerabilities increased by 79% over the same time period, a significant improvement considering the relative challenges in patching firmware versus software vulnerabilities.

Twitter executives misled federal regulators and the company’s own board about “extreme and egregious shortcomings” in its defenses against hackers and its meager efforts to combat bots, said a former chief security officer Peiter Zatko.

What happens inside Twitter?

Continue reading “‘Half of Twitter’s roughly 7,000 full-time workers have complete access to its code and user confidential data’ Says its former chief security officer Peiter Zatko” »

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

Digital twins enable enterprises to model and simulate buildings, products, manufacturing lines, facilities and processes. This can improve performance, quickly flag quality errors and support better decision-making. Today, most digital twin projects are one-off efforts. A team may create one digital twin for a new gearbox and start all over when modeling a wind turbine that includes this part or the business process that repairs this part.

Ideally, engineers would like to quickly assemble more complex digital twins to represent turbines, wind farms, power grids and energy businesses. This is complicated by the different components that go into digital twins beyond the physical models, such as data management, semantic labels, security and the user interface (UI). New approaches for composing digital elements into larger assemblies and models could help simplify this process.

Apple has released security reports revealing major security flaws allowing hackers to complete control of a user’s iOS or macOS device.

DARPA has launched a competition to find AI solutions that can help with sourcing critical minerals.

Critical minerals are raw, non-fuel materials that are vital for manufacturing products that are essential to national security.

DARPA is teaming up with the US Geological Survey (USGS) to explore how machine learning and AI can accelerate critical mineral assessments.

Asteroid Bennu was in the news recently for an astonishing discovery. NASA scientists revealed that the asteroid has a surface that appears similar to plastic balls. The discovery dates back to October 2020, when NASA successfully collected a sample from the asteroid.

During the sampling event, the sampling head of the OSIRIS-REx (Origins, Spectral Interpretation, Resource Identification, Security-Regolith Explorer) spacecraft had sunk by 1.6 feet (0.5 meters) into the surface of the asteroid. The space agency found that Bennu’s exterior is made of loosely packed particles that are haphazardly packed together. The spacecraft would have sunk right into the asteroid if it hadn’t fired its thruster to back away after collecting dust and rocks.

Over the past decade, digital cameras have been widely adopted in various aspects of our society, and are being massively used in mobile phones, security surveillance, autonomous vehicles, and facial recognition. Through these cameras, enormous amounts of image data are being generated, which raises growing concerns about privacy protection.

Some existing methods address these concerns by applying algorithms to conceal sensitive information from the acquired images, such as image blurring or encryption. However, such methods still risk exposure of sensitive data because the raw images are already captured before they undergo digital processing to hide or encrypt the sensitive information. Also, the computation of these algorithms requires additional power consumption. Other efforts were also made to seek solutions to this problem by using customized cameras to downgrade the image quality so that identifiable information can be concealed. However, these approaches sacrifice the overall image quality for all the objects of interest, which is undesired, and they are still vulnerable to adversarial attacks to retrieve the sensitive information that is recorded.

A new research paper published in eLight demonstrated a new paradigm to achieve privacy-preserving imaging by building a fundamentally new type of imager designed by AI. In their paper, UCLA researchers, led by Professor Aydogan Ozcan, presented a smart camera design that images only certain types of desired objects, while instantaneously erasing other types of objects from its images without requiring any digital processing.

The quadrupedal robots are well suited for repetitive tasks.

Mankind’s new best friend is coming to the U.S. Space Force.

The Space Force has conducted a demonstration using dog-like quadruped unmanned ground vehicles (Q-UGVs) for security patrols and other repetitive tasks. The demonstration used at least two Vision 60 Q-UGVs, or “robot dogs,” built by Ghost Robotics and took place at Cape Canaveral Space Force Station on July 27 and 28.

Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads.

Vendor-specific bootloaders used by Windows were found to be vulnerable while the status of almost a dozen others is currently unknown.

Threat actors could exploit the security issue to establish persistence on a target system that cannot be removed by reinstalling the operating system (OS).